The infamous Conti ransomware group has officially ceased operations.
This news was shared by Advanced Intel’s Yelisey Boguslavskiy.
Currently, according to Boguslavskiy, the Tor admin panel used by members to conduct negotiations and publish news on Conti’s data leak website is currently offline.
Additionally, another source shared with BleepingComputer that they received notice that other internal services, such as the rocket chat server, were down.
Conti is currently maintaining his attack on the Costa Rican government.
While the Conti ransomware brand is no more, this cybercriminal organization will continue to play an important role in the ransomware industry for a long time to come.
Boguslavskiy told BleepingComputer that instead of changing its name to another major ransomware, Conti’s leadership decided to cooperate with other small ransomware gangs to conduct attacks.
As part of this partnership, a large number of Conti’s experienced negotiators and operations staff will move to work on smaller ransomware companies.
According to a report by Advanced Intel, Conti has cooperated with many famous ransomware such as HelloKitty, AvosLocker, Hive, BlackCat, Nintyyte…
There are also new autonomous groups created by former Conti members that focus solely on data filtering, not data encryption.
These initiatives allow the existing cybercriminal organization to continue operating but no longer under the Conti name.
Conti’s downfall was predicted long ago.
This caused Conti many difficulties.
The US government considers Conti one of the most dangerous ransomware strains ever created.
(Refer to QTM)